RSS   Vulnerabilities for 'Shib auth'   RSS

2009-12-31
 
CVE-2009-4527

CWE-264
 

 
The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before 6.x-3.2, a module for Drupal, does not properly remove statically granted privileges after a logout or other session change, which allows physically proximate attackers to gain privileges by using an unattended web browser.

 

 >>> Vendor: NIIF 4 Products
Shib auth
Shibb auth
Shibboleth authentication module
Shibboleth authentication


Copyright 2024, cxsecurity.com

 

Back to Top